当前位置:网站首页>Web penetration test - 5. Brute force cracking vulnerability - (7) MySQL password cracking
Web penetration test - 5. Brute force cracking vulnerability - (7) MySQL password cracking
2022-06-24 03:38:00 【Seven days】
List of articles
MySQL Is a relational database management system , The Swedish MySQL AB Companies to develop , Belong to Oracle Its products .MySQL Is one of the most popular relational database management systems , stay WEB Application aspect ,MySQL It's the best RDBMS (Relational Database Management System, Relational database management system ) One of the application software .
MySQL Is a relational database management system , Relational databases keep data in different tables , Instead of putting all the data in one big warehouse , This increases speed and flexibility . Default port :3306.
One 、hydra
Hydra Is a parallel login cracker , It supports multiple attack protocols . It's very fast and flexible , And new modules are easy to add .kali Toolset integrated .
hydra Project address :
https://github.com/vanhauser-thc/thc-hydra/releases Full version
hydra Support :
Cisco AAA、Cisco auth、Cisco enable、CVS、FTP、HTTP(S)-FORM-GET、HTTP(S)-FORM-POST、HTTP(S)-GET、HTTP(S)-HEAD、HTTP- agent 、ICQ、IMAP、IRC、LDAP、MS-SQL、MySQL、NNTP、Oracle The listener 、Oracle SID、PC-Anywhere、PC-NFS、POP3、PostgreSQL、RDP、Rexec、Rlogin、Rsh、SIP、SMB(NT)、SMTP、SMTP enumeration、SNMP v1+v2+v3、SOCKS5、SSH(v1 and v2)、SSHKEY、Subversion、Teamspeak (TS2)、Telnet、VMware-Auth、VNC and XMPP`.
hydra –L /root/Desktop/user.txt –P /root/Desktop/pass.txt IP mysql
-L: Specify the user name dictionary path-P: Specify password dictionary path
Two 、Ncrack
Ncrack Is a high-speed network authentication cracking tool . It aims to help companies protect their networks by proactively testing all their hosts and network devices for password errors .Ncrack Is to use a modular approach 、 Be similar to Nmap Command line syntax and dynamic engine design that can adjust its behavior according to network feedback . It allows fast and reliable large-scale auditing of multiple hosts .kali Toolset integrated .
Ncrack The functionality of the includes a very flexible interface , Allow users to have complete control over network operations , Allow very complex brute force attacks , Easy to use timing templates , Be similar to Nmap The runtime interaction of . Supported protocols include
SSH、RDP、FTP、Telnet、HTTP(S)、Wordpress、POP3(S)、IMAP、CVS、SMB、VNC、SIP、Redis、PostgreSQL、MQTT、MySQL、MSSQL、MongoDB、Cassandra、WinRM、OWA , and DICOM
Project address :
https://nmap.org/ncrack/
ncrack –U /root/Desktop/user.txt -P /root/Desktop/pass.txt IP -p 3306
-U: Indicates the path to the user name list-P: Indicates the path to the password list
3、 ... and 、Medusa
Medusa It's a fast one 、 A parallel and modular login brute force cracker . The goal is to support as many services as possible that allow remote authentication .kalikali Toolset integrated .
file :
www.foofus.net/jmk/medusa/medusa.html
Source code :https://github.com/jmk-foofus/medusahttps://github.com/jmk-foofus/medusa/archive/2.2.tar.gz
The main functions are as follows :
1、Thread based parallel testing: It can target multiple hosts at the same time 、 The user or password performs a brute force test .
2、Flexible user input: Target information can be specified in a number of ways ( host / user / password ). for example , Each item can be a single item , It can also be a file that contains multiple entries . Besides , The combined file format allows users to refine their target list .
3、Modular design: Each service module acts as an independent .mod File exists . This means that the list of supported services can be extended for brute force cracking without any modification to the core application .
4、Support multiple protocols: Many services are currently supported ( for example SMB、HTTP、POP3、MS-SQL、SSHv2 etc. ).
medusa -h IP –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M mysql
-U: Indicates the path to the user name list-P: Indicates the path to the password list-M: Specify the burst parameter type
Four 、Metasploit
msf > use auxiliary/scanner/mysql/mysql_login
msf auxiliary(mysql_login) > set rhosts IP
msf auxiliary(mysql_login) > set user_file /root/Desktop/user.txt
msf auxiliary(mysql_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(mysql_login) > set stop_on_success true
msf auxiliary(mysql_login) > run
边栏推荐
- Thank you for your recognition! One thank-you note after another
- Tencent cloud CIF engineering effectiveness summit was successfully opened, and coding released a series of new products
- News | detailed explanation of network security vulnerabilities of branch enterprises
- The medical technology giant was blackmailed and Microsoft announced 74 security vulnerabilities | global network security hotspot
- Tencent cloud launched its new 100g+ cloud server product!! Expect more than 400g+ in the future!
- The importance of the computer room to the stable operation of the server
- What is load balancing? What are the functions of load balancing?
- Use Charles to capture the package of the applet through the mobile agent
- System library golang Org/x/time/rate frequency limiter bug
- Do you understand TLS protocol?
猜你喜欢
Thank you for your recognition! One thank-you note after another
在pycharm中pytorch的安装
内存泄漏之KOOM
QT creator tips
元气森林推“有矿”,农夫山泉们跟着“卷”?
Do you understand TLS protocol?
On Sunday, I rolled up the uni app "uview excellent UI framework"
Modstartcms theme introductory development tutorial
Community pycharm installation visual database
ModStartCMS 主题入门开发教程
随机推荐
内存泄漏之KOOM-Shark中的Hprof信息
Case analysis | interpret the truth that multi branch enterprises choose sd-wan network reconstruction in combination with real cases
What is distributed configuration center Nacos? What are the functions of distributed configuration center Nacos?
What protocols do fortress computers have and what protocols do fortress computers generally use
Actual battle case | refuse information disclosure, Tencent cloud helps e-commerce fight against web crawlers
Is it necessary to buy EIP? Price analysis of EIP
Principle of efficient animation Implementation-A preliminary exploration of jetpack compose
Typera cooperates with picgo to upload pictures to its own server with one click and obtain external links at the same time
News | detailed explanation of network security vulnerabilities of branch enterprises
Some basic knowledge of data center server cabinet
Record a programming contest
Understand Devops from the perspective of leader
Self built DNS to realize the automatic intranet resolution of tke cluster apiserver domain name
Rasa 3.x 学习系列-Rasa 3.2.0 新版本发布
Psexec right raising
Which brand is a good backup all-in-one machine price
On Sunday, I rolled up the uni app "uview excellent UI framework"
Build a small program + management background in 7 days, and this goose factory HR is blessed!
[new double 11] the latest interpretation of Tencent cloud double 11! Get 11000 yuan voucher now!!
A Tencent interview question